- Wiredrive is preparing for SSAE16 compliance and needed a suite of tools to validate secure coding best practices.
- Wiredrive’s Enterprise clients required recurring penetration tests and static code scans to audit the platform’s security.
- Wiredrive needed an internal solution that integrates with its Continuous Integration (CI) SDLC process, which uses Atlassian’s Bamboo and GIT as the source repository.
- Wiredrive needed to scan its WordPress plugin and sample code.
During the evaluation process, Wiredrive reviewed several open source solutions that failed to locate known vulnerabilities. Wiredrive asked their Enterprise customers’ security departments for security audit recommendations. After additional research, Wiredrive realized that the recommended security vendors were frequently using Checkmarx. When one of Wiredrive’s major customers specifically recommended Checkmarx, they decided to evaluate the product.
The selection of Checkmarx
Wiredrive found Checkmarx’s CxCloud solution to be very easy to use. As a first step, Wiredrive tested its WordPress plugin and identified one unknown vulnerability. The test was easy to perform because CxCloud integrated directly with Github. CxCloud showed the complete attack vector and recommended the best fix locations in the code.
Wiredrive ran their second test to validate their custom framework, which revealed both known and unknown vulnerabilities. Since Checkmarx met all evaluation requirements, Wiredrive signed up.
As a first pass, Wiredrive uploaded the code base directly to CxCloud and ran a full scan. The QA team grouped the results and prioritized remediation. The initial scans found vulnerabilities in the deprecated code, which was quickly addressed. Wiredrive successfully integrated Bamboo with the Checkmarx CLI interface with the help from the Checkmarx’s support team. This let developers fix bugs and see the number of vulnerabilities decrease on an ongoing basis.
Now, Wiredrive runs a full scan on every build to make sure that new code adheres to secure coding best practices. This process satisfies their most demanding Enterprise customer requirements.
Wiredrive (www.wiredrive.com) is the cloud media sharing service of choice for the world’s largest advertising, entertainment and consumer marketing companies. Production, sales and marketing teams trust Wiredrive to simplify the logistics of creativity and securely manage their most important media assets. Wiredrive brings people and media together in a shared space where hard work and great ideas blossom into amazing things. Wiredrive is a fast-growing, profitable and privately-owned company founded in 1999. The Wiredrive team consists of 35 employees and has offices in the media capitals of Los Angeles, New York, San Francisco and London.
The Bottom Line
The sales cycle and product evaluation was simple and straightforward. The Checkmarx team was prompt and helpful throughout the entire sales and onboarding cycle. Technologically, the product exposed unknown vulnerabilities for remediation. Wiredrive’s management team finds Checkmarx executive reports simple and easy to understand. Finally, Wiredrive’s Enterprise customers have responded positively by signing up additional departments and referring new customers.
“Checkmarx plays a fundamental roll in hardening our web application. Exploits are becoming more sophisticated and Checkmarx is our first line of defense.“